Merge pull request NEKOGET#712 from kenjis/fix-security

Add explanation for csrf_auto_token option
kenjis · Feb 11, 2016 · 255d0ca · 255d0ca
2 parents 362a5cc + 035ae6d
commit 255d0ca
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/classes/security.html b/classes/security.html
@@ -171,6 +171,14 @@ <h3 id="configuration">Configuration</h3>
 								When csrf_autoload is true, the CSRF token will be validated for all http methods in this array.
 							</td>
 						</tr>
+						<tr>
+							<th>csrf_auto_token</th>
+							<td>boolean</td>
+							<td><pre class="php"><code>false</code></pre></td>
+							<td>
+								When true, Form::open() adds CSRF token hidden field automatically.
+							</td>
+						</tr>
 					</tbody>
 				</table>
 				<p class="note">Note that if you enable "csrf_autoload", <strong>ALL</strong> your HTTP requests of the specified type <strong>MUST</strong> contain a CSRF token, or the validation will fail and a SecurityException will be thrown.</p>